Researcher releases attack code for just-patched Windows bug

Gregg Keizer |
Jan. 19, 2011

A researcher released attack code for a Windows vulnerability one day after Microsoft patched it last week.

Microsoft has repeatedly defended the effectiveness of ASLR and DEP (it praised both technologies just days after Vreugdenhil and another researcher evaded them at Pwn2Own), but the company's security engineers have also acknowledged that attackers are finding ways around the pair, typically by defeating ASLR first: once an attacker knows where code sits in memory, DEP can be sidestepped by reusing that existing code rather than injecting new code.

"They're just hurdles," said Portnoy. "They don't make it impossible [to run attack code], but they do make it harder."

Last month, Microsoft reaffirmed its confidence in ASLR and DEP when Matt Miller of the Microsoft Security Engineering Center (MSEC) said that they "are strong countermeasures for the types of attacks that we see in the wild today despite weaknesses in their current implementations."

Portnoy begged to differ.

"Just because they've seen none in the wild doesn't mean that they haven't been used," Portnoy said. "It just means that Microsoft hasn't seen them."

TippingPoint will again sponsor the Pwn2Own contest at the CanSecWest security conference, which is slated to run March 9-11. Portnoy said TippingPoint would release more information about this year's Pwn2Own early next month, but confirmed that it would highlight browser and mobile exploits.

One change this year is that Pwn2Own will offer cash prizes to researchers who successfully hack into a mobile phone's baseband processor, opening the door for exploits of bugs in the firmware of the chips that process a phone's radio signals.